03-09-2017 09:48 AM
Hello All,
Can we authorize a subset of users based on IP subnet in ISE 2.2?
I have found the CISCO AV PAIR of cisco-ip-pool= but not sure if this is looking at the endpoints IP and detecting that it is in the subnet range or not.
any assistance would be helpful.
--
Grace and Peace,
Robert E Roulhac Jr
Virtual Systems Engineer II
Cisco TSN (Technical Solutions Network)
Office: 919.5745455
Solved! Go to Solution.
03-09-2017 10:03 AM
Yes, you can. First create the Condition by navigating to Policy > Policy Elements > Conditions > Network Conditions > Endstation Network Conditions. Enter the information to include any IP Ranges and click Submit.
To use this in a Authorization Policy, navigate to you policy set and choose Select Existing Condition from Library.
The choose Network Condition
And finally select the Network Condition you created.
Assign an Authorization Profile to the rule and Click Save.
03-09-2017 10:03 AM
Yes, you can. First create the Condition by navigating to Policy > Policy Elements > Conditions > Network Conditions > Endstation Network Conditions. Enter the information to include any IP Ranges and click Submit.
To use this in a Authorization Policy, navigate to you policy set and choose Select Existing Condition from Library.
The choose Network Condition
And finally select the Network Condition you created.
Assign an Authorization Profile to the rule and Click Save.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide